ACI Access Model

We’ve learned about the ACI object model in reference to the Tenants. However, to apply an EPG to a port you need the Access Policy Model. The access policy model consists of a few objects that together make up the configuration of the physical port on a switch. This chapter will cover all the objects in the image above. VLAN Pools: A VLAN pool is a set of VLANs that can be used at a later time in the policy.

Fabric Discovery

Fabric Discovery is the process of discovering all the Leaf and Spine switches in the fabric. This sounds fairly straightforward and it is. But before you can start Fabric Discovery you have to perform the APIC setup first. APIC setup: When you first unbox an APIC you will have a UCS server. It will have several interfaces on the backside. At one of the interfaces there should be a label "To Fabric".

ACI Topology and Hardware

ACI Hardware: Though this chapter is called ACI Topology and Hardware we begin with the hardware. This makes more sense from a logical standpoint. Otherwise I would be telling you about Leafs and Spines and APICs and such, without any reference. There is a lot of specific hardware available for ACI and I won’t cover it all here. The best place to find hardware-specific information is on the Cisco website itself.

ACI Release 4.2 New Features

About a month ago Cisco released ACI version 4.2. Currently we’re at 4.2(2) and it contains a lot of new features. Most of these features are geared towards the ACI anywhere concept. Since I didn’t cover the new features of ACI 4.1 (as I was very busy studying for my CCIE at the time) I will include some of the features introduced in 4.1 too, I’ll let you know whether it is a 4.

CCIE Achieved!

Like the title says, I’ve achieved my CCIE. I’m number #62198. I’ve done reviews of my first and second attempt. You can find them here: First attempt, Second attempt. I’ve also done a third attempt and failed that one. I didn’t have much to say about that attempt back then that I hadn’t already discussed in the earlier posts, so I didn’t write a post back then. Now however, after my fourth attempt I finally got the coveted number.

CCIE Challenge 4: Troubleshoot Ticket 2

This is the second troubleshooting challenge. I would rate this a 2 / 3p ticket. You can find the configs of the routers here. For those of you using EVE I included the UNL file in there. The topology is as follows: R1 wants to be able to reach R6 via telnet. Match the output below.

    R1#telnet 2002:C0A8:3806::6
    Trying 2002:C0A8:3806::6 ... Open
    R6>exit
    [Connection to 2002:C0A8:3806::6 closed by foreign host]

You are not allowed to change anything on R4.

CCIE Challenge 3: MPLS L3VPN

This challenge is split up in four parts. Make sure you achieve the desired goals, even after multiple reboots of the routers in your topology. The initial config files can be downloaded here:

General restrictions:
- You are not allowed to modify any IP address on any interface
- You are not allowed to introduce any new interfaces

Part 1: IGP.
- Configure OSPF area 0 on the links between R7, R8, R11 and R12
- Lo0 is part of OSPF area 0
- Configure EIGRP AS 100 on the links between R8, R9, R10, R13 and R12
- Make sure the EIGRP process supports delay measured in picoseconds
- Lo0 on R10 and R13 should be D EX routes
- Lo0 on R9 should be part of EIGRP AS 100 as a native EIGRP route
- Configure RIP on the links between R7, R5, R6, R8 and R9
- Redistribute between all processes on all possible routers

Part 2: iBGP.

CCIE Challenge 2: Troubleshoot Ticket 1

This #CCIEChallenge is a troubleshooting ticket for your pleasure. Depending on where you are in your CCIE prep you should be able to fix this ticket in 10 minutes. It would be comparable to a 3 or 4 point ticket. The config files can be downloaded here: R1 and R4 should be able to ping each other. Match the following output. R1 should always select its path through R3, even when R3 has suffered a failure and has returned to operations.

CCIE Challenge 1: DMVPN FVRF local breakout

So, this is the first CCIEChallenge created by me. You need to achieve the following to pass the challenge. In the topology, please ignore R15. It has no role in this assignment. The initial config files can be downloaded here:

- Set up a DMVPN between R14 (hub), R10 and R11 (spokes).
- This DMVPN needs to use the default route the routers have received from R12.
- The links between R12 and the other routers are part of the INTERNET VRF; the DMVPN should be a member of the global routing table.


NAT is a confusing technology. Many people have difficulties understanding it. Myself included. This causes problems during configuration and troubleshooting. This post is for me to put everything in order and help myself understand NAT. Terminology: When using NAT you work with several terms: Inside Local, Inside Global, Outside Local, Outside Global. Inside Local: The inside local address is an address on the inside of your network. Most of the time these are RFC1918 addresses and are not routable on the internet.